ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Velmurugan Periasamy (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ARGUS-66) Set autocomplete off for fields that contains sensitive data
Date Thu, 18 Sep 2014 04:51:34 GMT

     [ https://issues.apache.org/jira/browse/ARGUS-66?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Velmurugan Periasamy updated ARGUS-66:
--------------------------------------
    Assignee: Selvamohan Neethiraj  (was: Velmurugan Periasamy)

> Set autocomplete off for fields that contains sensitive data
> ------------------------------------------------------------
>
>                 Key: ARGUS-66
>                 URL: https://issues.apache.org/jira/browse/ARGUS-66
>             Project: Argus
>          Issue Type: Bug
>            Reporter: Velmurugan Periasamy
>            Assignee: Selvamohan Neethiraj
>
> Summary :
> The form in login.jsp uses auto completion on line 55, which allows some browsers to
retain sensitive information in their history.Auto completion of forms allows some browsers
to retain sensitive information in their history.
> Explanation :
> With auto completion enabled, some browsers retain user input across sessions, which
could allow someone using the computer after the initial user to see information previously
submitted.
> Recommendation :
> Explicitly disable auto completion on forms or sensitive inputs. By disabling auto completion,
information previously entered will not be presented back to the user as they type. It will
also disable the "remember my password" functionality of most major browsers.
> How to verify:
> When Logging into the system, browser shouldn't allow to the user to save the password.
 Currently browser is asking the user to save the password.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message